Datapipe Deploys New Security Model Bringing Deeper, More Secure AWS Adoption to the Enterprise

Model focuses on the protection and safeguard of the enterprise’s virtual infrastructure


LAS VEGAS, RE:INVENT — (November 11, 2014) — Datapipe, a global leader in managed hybrid IT solutions for the enterprise, today announced the launch of the company’s new Datapipe Access Control Model for AWS (DACMA). DACMA lets enterprise businesses take advantage of Datapipe’s AWS managed services without requiring them to hand over the administrator-level credentials. The model also allows for an enhanced level of security and control through role based access and tracking, clearly establishing and tracking the accountability and actions of all users.

DACMA is seamless. It requires no extra steps or oversight once it is set up. Once implemented, DACMA dramatically reduces the risk of a disruption of service or data breach due to unauthorized access or activity of an AWS environment by either Datapipe or the client.

Key elements of DACMA include:

  • Complete Control of Data: Traditionally, when working with a managed services provider, an enterprise must hand over their administrator level credentials or root level credentials and API keys to enable that MSP to run and manage the virtual environment. DACMA removes this requirement. Through AWS Trust Relationships and Security Token Service (STS) software, Datapipe is able to effectively manage an enterprise’s system without the enterprise having to hand over administrator-level credentials to Datapipe, credentials that are difficult to take back once given out. This gives the enterprise complete control over their virtual infrastructure and data with the ability to pull user privileges at will.
  • Role-based Access: DACMA also enables role-based access within a system. This gives the enterprise and Datapipe the ability to control who has access to certain data with ease. Role-based access helps enterprises adhere to compliance requirements and DACMA helps businesses achieve this easily and with a high degree of customization. 
  • Accountability: With DACMA, all system access and activities are tied back to unique user names without the hassle of managing a long list of AWS users. This identity information is tagged to all actions taken by users and visible to both the enterprise and Datapipe via CloudTrail. Accountability within the system ensures the enterprise is meeting compliance requirements and also enables detection and response ensuring nefarious actions won’t go undetected.
  • Two-Factor Authentication: DACMA requires two-factor authentication for Datapipe employees to login to the Datapipe SSO. An additional layer of security is enforced by also requiring two-factor authentication for Datapipe employees trying to access the enterprise’s AWS account.
  • Credential Security:  DACMA was built with key protection as a fundamental tenant. Datapipe support personnel never see or directly access their own AWS login credentials. Logins are automated and personnel keys are never exposed. They are stored encrypted in a password vault protected by a high security Hardware Security Module and extensive auditing, access control, and reporting. These security features ensure that for every step of the login process, account keys are secured and protected.

“Enterprises often struggle with understanding and implementing the complete set of security capabilities that are available in the AWS platform as well as the security policies and process transformation required for their teams,” said Joel Friedman, CSO, Datapipe. “DACMA bridges that gap. DACMA delivers an even greater level of security best practices, based on our extensive experience in managing AWS services.” 

DACMA is the result of Datapipe’s deep understanding and experience in effectively planning, building and running highly secure and available AWS environments for clients across the globe. Datapipe will be discussing DACMA at the AWS re:Invent conference being held in Las Vegas, Nevada, November 11-14, 2014, booth #1000.


About Datapipe

Datapipe is the only global managed service provider to future proof IT for the enterprise. We do this by architecting, deploying and managing multi-platform hybrid IT solutions, including public, private and hybrid clouds integrated with traditional IT environments. Datapipe automates IT to support the continuous development and delivery of secure, highly available enterprise class applications. We deliver operational excellence through proven ITIL processes delivered by a global network of experienced professionals and next generation data centers in New York Metro, Ashburn VA, Silicon Valley, Chicago, Seattle, Denver, Kansas City, Dallas, Iceland, London, Hong Kong, Shanghai and Singapore.